Will Groundbreaking New Privacy Software Restore Anonymity to the Net?

Psst. Want to be a secret agent? Use the software that makes the NSA, CIA and FBI anxious and afraid? It's called Freedom, and the uninspired name belies a radical edge. Freedom is the market's first answer to surveillance online a "privacy solution" that lets anyone browse, e-mail, or post without leaving electronic fingerprints. Be disguised for $49.95.

But why go undercover, if you have nothing to
hide? Because the Internet has changed. Once a relatively anonymous scene, it has now become a zone of almost total transparency. Monitoring is the norm, and not all of the collected information is trivial. Movement through a site gets recorded in click streams, which flow right into data banks. Some browsers reveal users' IP addresses, and if they do, it's a short hop to name, telephone number, street address, and a bulging consumer dossier.

Freedom wraps such revealing information in encrypted envelopes, so data snoops can never parse your true identity or the content of e-mail. At the heart of the program are 5 pseudonymous identities, or NYMs as they are called, each with a mailbox such as yourfakename@freedom.net. Activate a NYM before browsing, and cookies will be contained in that NYM's own "Cookie Jar." Even the smartest cookie can only reference the browsing history of the NYM itself. So if with one NYM you visit Koop.com for cancer information, and with another NYM visit Allstate Insurance's site, neither company can learn about visits to the other. Zero Knowledge recommends creating separate NYMs for political, personal, and business activities.

illustration: Limbert Fabian

The specter of these foolproof fake IDs is precisely what interests our three-letter spy agencies. If such software were widely used, the Internet would change from a place where everybody leaves a data trail to one where newbies, pedophiles, and terrorists are equally cloaked. Consultants working on behalf of the CIA and NSA have been in touch with Zero Knowledge, says its president and cofounder, 26-year-old Austin Hill. The FBI, which wants to use the software for reconnaissance work, is worried that in public hands Freedom will foil stings, and they've asked Hill to come to Quantico for a briefing. (Located in Canada, Zero Knowledge is exempt from U.S. encryption regulations.)

But Freedom may pose an even bigger challenge for marketers, who will have a harder time catching consumers. Right now, they bet that the
online payday will come from new levels of precision marketing, but in a pseudonymous world, it becomes hard to match a name to a browser. DoubleClick, the leading online ad firm, for example, recently shelled out $1 billion to purchase Abacus, a company that amasses consumer profile data. But the profiles will be useless if DoubleClick can't match them with
netizens online. Could Zero Knowledge spell the end of profile-driven marketing?

Americans care deeply about privacy. But their concern is a mile wide and an inch deep. In opinion polls, 80 percent of respondents say they worry about privacy online, but this anxiety does not lead to action. Only a small fraction of e-mails get encrypted, even though the messages are almost as public as a postcard. (Commercial mailers that allow pseudonyms, such as Hotmail, include revealing information in "header files," and are about as secure as a sieve, as 50 million users learned late last month, when the free Microsoft service was cracked wide open.)

Partly, the contradiction exists because the threats to privacy are so diffuse. Unlike direct marketing junk mail, which is a visible nuisance, constantly reminding us of its incorrigibility, electronic surveillance occurs offstage. We may see shadows, but we have little certainty beyond the folk wisdom that data profiteers lurk in cyberspace. In fact, some fears are misplaced. Web sites are no more likely to abuse a credit card number than the average waiter is, yet we trust the waiter much more.

A far more vulnerable commodity is speech. Many sites archive news postings and e-mails for-
ever. That snide remark about your boss could be haunting. But you don't have to be an alcoholic, or HIV positive, to have an unguarded admission used against you. And you don't have to be a fellow traveler to see how today's innocent comment could have new meaning down the road.

For this reason, there have always been products designed to keep the Internet anonymous, and Freedom is just the next evolutionary step after remailers and anonymizers. These provide a layer of protection by routing e-mail and browsing commands through a series of servers but they are complicated to use and not very popular among regular Web users. The most successful of them, anonymizer.com, masks your IP address in exchange for hitting you with banner ads. But because it does not use encryption, this anonymizer is relatively easy to circumvent. Internet security consultant Richard M. Smith recently found that
a simple Java application could force the anonymizer to reveal an IP address.

Remailers for e-mail and posting tend to be mom-and-pop or nonprofit enterprises, and consequently are neither easy to use nor well supported. What's worse is that many operate at the mercy of the courts. Just ask Johan Helsingius, who used to run a popular remailer out of Finland and became a cause célèbre of privacy advocates. In this well-known case, a customer used Helsingius's service to post anonymous harangues against the Church of Scientology. But when the church sued for libel, a judge ordered Helsingius to reveal the critic's identity.

Not repeating the Helsingius case was a priority for Zero Knowledge, and they've succeeded in making the software court order­proof. It is technically impossible to trace a message over the Freedom Network once it's been sent. No judge could compel Zero Knowledge to turn over its logs or customer list there are none. And nobody, not even Zero Knowledge, can connect you to your NYM. That only leaves hackers.

"Sure, you could hack the system by taking over the entire Internet, but short of that, probably not," says Zero Knowledge's chief scientist, Ian Goldberg, a 26-year-old cryptography master. He hacked the
algorithms used in Europe to protect against cell phone eavesdropping, a standard that had been secure for five years. Goldberg found the flaw in five hours. Their mistake, he says, was developing the security in secret. Zero Knowledge's protocols are open source, and that means the code evolves organically, like Linux does, with the help of the cypherpunk community. A beta version was intuitive to use and simple to set up. But browsing slowed noticeably on a 56k modem. Hill, the Zero Knowledge president, says the lag will be improved in the public version, set for a December 1 release date.

Of course, for every electronic veil that these cryptographers bring to market, some data entrepreneur will embed a serial number in hardware (like Intel infamously did earlier this year) that makes the presumption of privacy moot. And as each new tracking device is discovered, new countermeasures will be taken to cloak the user again. It's going to be a long story, this arms race between privacy and surveillance.

For the consumer, it often seems like a choice between autonomy and convenience, the security of being unknown and the pleasure of being recognized. But in a pseudonymous world, one can reap the benefits of both sides. We all wear social masks anyway. Maybe Freedom will bring them to the desktop.